In Windows 10, you can add or remove a user account from a group to grant or revoke access to certain Windows features, file system folders, shared objects, and more. There are a number of ways to do it. Let's review them.
Group accounts are used to manage privileges for multiple users. Global group accounts, for domain use, are created in Active Directory Users And Computers, while local group accounts, for local system use, are created in Local Users And Groups. Generally, group accounts are created to facilitate the management of similar types of users. The types of groups that can be created include the following:
- Groups for departments within the organization: Generally, users who work in the same department need access to similar resources. Because of this, groups can be created that are organized by department, such as Business Development, Sales, Marketing, or Engineering.
- Groups for users of specific applications: Often, users will need access to an application and resources related to the application. Application-specific groups can be created so that users get proper access to the necessary resources and application files.
- Groups for roles within the organization: Groups could also be organized by the user's role within the organization. For example, executives probably need access to different resources than supervisors and general users. Thus, by creating groups based on roles within the organization, proper access is given to the users that need it.
A local user group is created locally. These are the groups you can use directly on a Windows 10 computer without adding the computer to an Active Directory domain. Here is the list of groups typically available in Windows 10 out-of-the box.
- Backup Operators
- Cryptographic Operators
- Distributed COM Users
- Event Log Readers
- Network Configuration Operators
- Performance Log Users
- Performance Monitor Users
- Power Users
- Remote Desktop Users
To add a user account to a local group in Windows 10, you can use either MMC, the console tool net.exe, or PowerShell. Let's see how it can be done.
To add users to a group in Windows 10, do the following.
- Press Win + R shortcut keys on your keyboard and type the following in the run box:
- Click on Groups on the left.
- Double-click the group you want to add users to in the list of groups.
- Click the Add button to add one or more users.
- Alternatively, you can click the Users folder on the left.
- Double-click on the user account on the right.
- Switch to the Member of tab and click on the Add button to select a group you want to add the user account to.
Note: You can use Local Users and Groups snap-in if your Windows edition comes with this app. Otherwise, you can use one of the methods described below.
Add users to a group using the NET tool
- Open an elevated command prompt.
- Type the following command:
net localgroup "Group" "User" /add
Replace the Group portion with the actual group name. Provide the desired user account instead of the "User" portion. For example,
- To remove a user from a group, execute the next command:
net localgroup "Group" "User" /delete
See the following screenshot:
Add users to a group using PowerShell
- Open PowerShell as Administrator. Tip: You can add "Open PowerShell As Administrator" context menu.
- Type or copy-paste the following command:
Add-LocalGroupMember -Group "Group" -Member "User"
Replace the Group portion with the actual group name. Provide the desired user account instead of the "User" portion.
- To remove a user account from a group, use the cmdlet Remove-LocalGroupMember as follows.
Remove-LocalGroupMember -Group "Group" -Member "User"
The Add-LocalGroupMember cmdlet adds users or groups to a local security group. All the rights and permissions that are assigned to a group are assigned to all members of that group.
The cmdlet Remove-LocalGroupMember removes members from a local group.